package com.tsk.base.security;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author: 黄嘉振
 * @create: 2023/5/5 10:29
 * @description:
 **/
@Slf4j
@EnableWebSecurity
public class ActuatorSecurityConfiguration extends WebSecurityConfigurerAdapter {

    public ActuatorSecurityConfiguration() {
        log.info("ActuatorSecurityConfiguration start....");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/actuator/**").authenticated()
                // 这里使用了 httpBasic，否则spring boot admin 调用接口 instances/xx/actuator/health 会302（暂未知原因）
                // 故在此使用 httpBasic，则无此问题，但由于 httpBasic 本身安全性并不高，所以不建议直接访问各服务的 actuator
                .and().httpBasic()
                .and().csrf().disable();
    }
}
